Date: Mon, 15 Jul 2002 00:05:25 +0200 (CEST) From: Oliver Fromme <olli@secnetix.de> To: freebsd-security@FreeBSD.ORG, "Crist J. Clark" <cjc@FreeBSD.ORG> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:29.tcpdump Message-ID: <200207142205.g6EM5P541393@lurza.secnetix.de> In-Reply-To: <20020714085734.GD56656@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Crist J. Clark <crist.clark@attbi.com> wrote: > On Sat, Jul 13, 2002 at 07:31:27PM +0200, Oliver Fromme wrote: > > [...] > tcpdump(8) can still be exploited to run abitrary code as that user. That's what I wrote. > [...] > It's not really a workaround, it just mitigates the potential for > damage should the bug be exploited. Again, I wrote exactly that (in the part of my mail that you did not quote). > > On a related matter: It would probably be a very good idea > > for tcpdump to drop priviledges right after opening the BPF > > device. > > tcpdump(8) never has elevated privileges. Not trough s-bits, but ... > It just runs as whoever > executes it. ... which is usually root because of the default permissions of the /dev/bpf* devices. That's the problem. > As you say, the way to run it at lower privileges is to > give a less privileged user read access to the bpf(4) devices. Or let tcpdump drop it's root priviledges after opening the devices. That would be similar to what openssh does when priviledge separation is enabled. Or what BIND does when running it with the -u option. I think a _lot_ more software should take precautions like that, and there is no reason to exclude tcpdump. Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207142205.g6EM5P541393>